Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape?

To find out, we talked to Gady Margalit, CISO at esh Bank Israel, and Noam Brosh, Director of Information Security at Hunters – whose combined 45+ years made them the perfect guides to this challenging moment. 

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Here are three key takeaways from the conversations:

1. Invest in Risk Assessments

Many CISOs want to rush to remediate every threat at once, but this is often actively counterproductive. Just 40% of companies run even annual risk assessments, which leaves them effectively blind to many of the biggest threats they face. That is why Brosh insists companies should invest in thorough, organization-wide risk assessments and make difficult strategic decisions about which factors to prioritize.

This may produce surprising results, as many of the biggest “trends” in cybercrime are not directly related to technical weaknesses. Margalit cites credential theft as an example: 60% of attacks are the result of this practice, and they don’t stem from a weakness in the cybersecurity system – they are achieved through social engineering or takeovers like the “0ktapus” phishing campaign.

2. Focus on Evolution, Not Revolution

Cybersecurity infrastructure cannot be rushed, and CISOs must focus on a gradual evolution rather than a sudden, disruptive revolution. This involves identifying which factors your organization should have in place and funneling energy into filling those gaps. “You must choose your battles according to your critical needs,” Brosh says.

For example, most startups should use Secure Access Service Edge (SASE) as their guiding principle. “Most startups work with laptops,” Margalit explains. “Everything gets mixed up. That means there’s no protection against data leakage, and no control over what comes in, goes out, or gets installed.”

While some professionals may think that simply introducing a VPN solves these issues, SASE goes far beyond that. “SASE,” Margalit shares, “includes components like Cloud Access Security Brokers (CASBs), Secure Web Gateways, and Zero Trust Network Access (ZTNA). Furthermore, many startups don’t even have a firewall in place—and introducing one will be the fastest, most impactful way to improve their security posture.”

3. Reframe Threats as Business Risks

Resource limitations are a constant concern for cybersecurity; the average annual increase in security budgets has dipped considerably in the last few years, as has hiring – both of which make life considerably more challenging for overworked and understaffed leaders. However, Margalit argues the issue is not about access to financial resources but rather a question of trust between the cybersecurity teams and the C-suite.

“I’ve never seen a board of directors be told there’s a significant risk and respond, ‘We don’t have the budget’,” he says. Instead, he argues leaders will almost always receive the funding they need – as long as they can adequately demonstrate the risk involved. 

“Today, directors have personal liability,” Margalit points out. “If you present the problem as a business risk – not a theoretical threat – you’ll get what you need.” This is echoed by Brosh, who claims that cybersecurity should be merged with business intelligence to enable a single, seamless way of monitoring the impact of risk on operations and the bottom-line.

Combat Emerging Threats with the Right Partner

Ultimately, Margalit and Brosh agreed on one core fact: your choice of partners is crucial to success in 2025. “Attention to details is key,” Brosh says. ”As is having a robust SLA.” Margalit adds, “You need someone to help you translate products into the business context. They shouldn’t be trying to push solutions—they should be trying to help you.'”

That is the role GlobalDots plays for CISOs around the world. Our speakers recommended organizations adopt SASE to protect against 2025’s most urgent threats, such as credential theft, “0ktapus” phishing campaigns and data leakage. GlobalDots provides a curated portfolio of battle-tested solutions that meet all these needs and more. We can connect you with the best CASBs, Secure Web Gateways, ZTNAs – as well as helping you plan, implement and proactively manage them. 

Want a proven partner to help you navigate the evolving threat landscape in 2025?

Latest Articles

How to Defeat Bad Bots in 2024 (and Why It’s Still So Hard)

Introduction  Bots today outnumber human users in eCommerce sites: From 15% in 2017, to 30% in 2019, to 64% in 2021. Some extreme cases we’ve witnessed peaked in 90-99.8% bot traffic. But perhaps the more concerning bit is the traffic share of bad bots: an approximate 39% of all internet traffic in 2021.   Hackers are […]

Eduardo Rocha Senior Sales Engineer and Security Analyst
13th June, 2024
Announcing New Anti-Fraud Tool to Detect, Categorize and Bust Fraudulent Activity

Online fraud is destroying customer trust and corroding revenue. Data from the Federal Trade Commission show the full extent of today’s problem: fraud losses in the US rose to $5.9 billion in 2021, an increase of 436% from 2017. Further research conducted by PWC shows that it’s not just individuals being duped by these global […]

Eduardo Rocha Senior Sales Engineer and Security Analyst
30th March, 2023
An expert’s analysis: Here’s what we need to build a better IoT

Eduardo Rocha, Senior Solutions Engineer at GlobalDots, contributed a guest post to BuiltIn, the online community for startups and tech companies.  In the article, he outlined his approach for creating an IoT infrastructure that is both durable and secure. Here are some of the main takeaways: How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by […]

Eduardo Rocha Senior Sales Engineer and Security Analyst
28th February, 2023
The definitive guide for a complete SOC solution

Bad actors succeed when organizations are not prepared or if they treat their cybersecurity with an “it won’t happen to me” mentaillity. These two are exactly what hackers look for when either trying to extort a business or when targeting one for any other purpose.  Integrating a complete SOC solution (whether in-house or outsourced) into your business […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
9th January, 2023

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services